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ABSTRACT 



Described are a method of programming a programmable 
logic device using encrypted configuration data and a pro- 
grammable logic device (PLD) adapted to use such 
encrypted data. A PLD is adapted to include a decryptor 
having access to a non-volatile memory element pro- 
grammed with a secret decryption key. Some or all of the 
decryptor can be instantiated in configurable logic on the 
FPGA. Encrypted configuration data representing some 
desired circuit functionality is presented to the decryptor. 
The decryptor then decrypts the configuration data, using the 
secret decryption key, and configures the FPGA with the 
decrypted configuration data. Some embodiments include 
authentication circuitry that performs a hash function on the 
configuration data used to instantiate the decryptor on the 
PLD. The result of the hash function is compared to a 
proprietary hash key programmed into the PLD. Only those 
configuration data that produce the desired hash result will 
instantiate decryptors that have access to the decryption key. 
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METHOD AND APPARATUS FOR SUMMARY 

PROTECTING PROPRIETARY ™ ,. ,u a t « 

CONFIGURATION DATA FOR 11,6 pteseDt lnven L V° n , " * " melh ° d ° f ? nflg " 

PROGRAMMABLE LOGIC DEVICES ™ ng , a P»»«"^ lo g lc devico «ang encrypted con- 

s figuration data, and to a programmable logic device adapted 
to use such encrypted configuration data. 

FIELD OF THE INVENTION In one embodiment, a type of programmable logic device 

This invention relates generally to programmable logic ^^l* 1 ^ ^T*?* &S \ & e l d -programmable gate array 

, . i , \u a a ? (FPGA) is adapted to include a decryptor and a non-volatile 

devices, and in particular to methods and apparatus for v i * j . j ^ 

. . r , . c ui i • in memory element programmed with a secret decryption key. 

encrypting data used to configure programmable logic JU „ « r *i_ j * i_ * * . j T • c 

, . t , , , , . , , .u & Some or all of the decryptor can be instantiated in config- 

devices to protect that data from theft. , . . t , ™^ A ^ , . 

r urable logic on the FPGA. Once the decryptor is 

BACKGROUND instantiated, encrypted configuration data representing some 

nn 4 . , , desired circuit function is presented to the decryptor. The 

FIG. 1 depicts an example of a chip set 100 that includes decryptor then decrypts the configuration data, using the 

some general-purpose readonly memory (ROM) 110 con- secret decTyption keVj m6 configures the FPGA with the 

nected to a general-purpose FPGA 120. FPGA 120 conven- decrypted configuration data. 

tionally includes an array 130 that can be configured to _ . , . • ^- ^ L j ■ . - j 

, _i 4 . if i • •* -iyin a— ha • For implementations in which the decryptor is instantiated 

implement custom functional circuitry 140. Array 130 is . n *• flL ™^ * i iL . * ■ 

. * n r ^ 1 1 i • • i i ft~*\ r> \ in configuration memory of the FPGA, a clever thief might 

typically an array or configurable logic blocks (CLBs) . fe * , : iL . . . L A . . , . , 

,, ■ / , t\ u *u j i 20 engineer an FPGA design that, when instantiated, simply 

proerammably mterconnected to each other and to program- & , , • i 6 . ... . 

ui ■ w * * ui i /t^t> \ r j 7 -1 j reads the decryption key and presents the key on an output 

mable input/output blocks (IOBs). For a more detailed . ™vT A ~ / . f, . . , 

j • • r T-T>r> a *u j * rre n * xt pin of the FPGA. To forestall such a secunty breach, an 

discussion of FPGAs, see the co-pending U.S. Pat. No. (L-- . . , , , ,/ 4 * , 

z- rv-io u- u • !i u ^ o/w* « ^ * FPGA in accordance with a second embodiment of the 

6,028,445 which issued on Feb. 22, 2000, ecoder Structure . . . . A . Al 4 

j » ^ iL j r ™^ a/^ c 4* «u^ r.T mvention includes authentication circuitry that performs a 

and Method for FPGA Configuration, by Gary R. Lawman, . , , 4 . , . „ , t < 4 . . . 

.... . rt . . , . . , J 25 hash function on the configuration data used to instantiate 

which is incorporated herein by reference. . . _ _ * , , _ . 

r . ... , . the decryptor. The result of the hash function is compared to 

A vendor may use a l chip set similar to chip set 100 to a ietary hash key p rogramme d into a second non- 
supply any number of different circuit designs while stock- yoUtile me element 0Q the pp GA 0n] those d 
ing only a single general-purpose FPGA and some general- tQrs whose confi tion data duce the desired hash 
purpose memory, pe vendor supplies a customer with a 3Q ^ will have access to the decryption key . 
custom version of chip set 100 by simply programming 

ROM 110 with the configuration data required to implement BRIEF DESCRIPTION OF THE FIGURES 
the customer's desired function. 

Configuration data are typically downloaded into an l FIG - \ dfP^ an sample of a conventional chip set 100 
FPGA (or other type of programmable logic device) as a 35 ™ c ^ es some general-purpose read-only memory 
series of bits known as a configuration bitstream. Anyone (ROM) 110 connected to a general-purpose FPGA 120. 
having access to the configuration bitstream for a particular FIG. 2 is a block diagram of an FPGA 200 in accordance 
design can easily copy the design. In the foregoing example with an embodiment of the present invention, 
in which a vendor sells a custom circuit as a set of configu- FIG. 3 is a block diagram of an FPGA 300 in accordance 
ration data combined with a general-purpose FPGA, an 40 with another embodiment of the present invention, 
unscrupulous customer could easily copy the configuration pi G 4 { s a flowchart 400 depicting the process of pro- 
data and use it to program any number of additional FPGAs. gramming FPGA 300 of FIG. 3 to include a decryptor and 
A Design is may also be stolen by reverse engineering the some functional circuitry 

design from the configuration bitstream and then adapting piQ 5 is a flowchart 500 summarizing the conventional 

the design for another FPGA or even a different circuit 45 Data Encryptioa Standard (DES ) encryption algorithm, 

technology. Naturally, developers 01 custom configuration , ' ^ , t t t 

data for use in programmable chip sets are concerned for the ^ 9" 6A f a bl °? ? ia fr 600 ? prese °^ g /^ ha , sh 

security of their designs. function performed by hash-function logic 320 of FIG. 3. 

Some customers develop their own circuit designs and FIG - 65 15 a flowchart 650 illustrating a method of 

implement them on FPGAs. Designing complex circuits 50 P^ formin g the hash function of FIG * 6A on a decryptor 

from basic logic gates, or "primitive cells," can be very time bitstream made up of an arbitrary number of 64-bit data 

consuming. More complex functions called macros, or blocks. 

"cores," are therefore developed to represent more complex DETAILED DESCRIPTION 
logic functions. These cores can then be used as building 

blocks for assembling yet more complex circuit designs. 55 FIG. 2 shows an FPGA 200, which includes configuration 

A number of core developers design and market cores for logic 205 and an array 210 of configurable elements. 

FPGAs and other types of programmable logic devices Although not shown, configurable array 210 typically 

(PLDs). Customers purchase these cores and use them to includes CLBs, interconnect lines, and IOBs similar to those 

program PLDs to achieve desired functions. For example, a described above in connection with FIG. 1. FPGA 200 is 

collection of cores for implementing standard bus interfaces 60 configured by loading one or more configuration bitstreams 

and signal-processing functions is available from Xilinx, into internal memory cells in array 210 that define how the 

Inc., of San Jose, Cali., under the name LogiCORE™. As CLBs, interconnect lines, and IOBs of array 210 are con- 

with the configuration data in the example of FIG. 1, PLD figured. FPGA 200 also includes some non-volatile memory 

cores and circuit designs that employ them are easily stolen. 212 adapted to include a decryption key. 

Core developers are therefore concerned for the security of 65 In accordance with the invention, FPGA 200 is configured 

their cores. There is therefore a need for a means of securing using two configuration bitstreams. The first, a decryptor 

cores and other proprietary configuration data. bitstream 213, includes configuration data designed to 
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instantiate a decryptor 215 in array 210. The second, an 345. In one embodiment, hash-function logic 320 encrypts 
encrypted bitstream 216, is encrypted configuration data the incoming decryptor bitstream using a technique corn- 
designed to instantiate some desired functional circuitry 225 monly known as cipher-block chaining (CBC). This embodi- 
in array 210. Encrypted bitstream 216 might represent ment is described below in connection with FIGS. 6A and 
proprietary bus-interface logic, for example. S 6B. 

FPGA 200 is programmed by first supplying decryptor If in step 415 the hash result in hash register 322 does not 
bitstream 213 to configuration logic 205. Configuration match hash key 342, then the incorrect key (or no key) is 
logic 205 uses decryptor bitstream 213 to instantiate a presented to the instantiated decryptor (step 420). Without 
decryptor 215 within array 210. Encrypted bitstream 216, access to the correct decryption key 345, any subsequent 
for implementing the proprietary functional circuitry, is then 1° attempt to decrypt an incoming encrypted bitstream 357 wilt 
presented to an input terminal of decryptor 215. Decryptor fail (step 425), resulting in a dysfunctional FPGA. If the 
215 uses a pre-programmed key in non-volatile memory hash result in hash register 322 matches hash key 342, then 
(NVM) 212 to decrypt encrypted bitstream 216 and present the correct decryption key 345 is presented to the instan ti- 
the resulting decrypted bitstream to configuration logic 205. ated decryptor 350 (step 430). 

Configuration logic 205 then uses the decrypted bitstream to 35 Encrypted bitstream 357, representing the proprietary 

instantiate proprietary functional circuitry 225. Dashed functional circuitry 355, is presented to the instantiated 

arrows in FIG. 2 depict the data path along which encrypted decryptor 350 in the FPGA (435). With access to the correct 

bitstream 216 is decrypted and instantiated as functional decryption key 345, decryptor 350 will correctly decrypt 

circuitry 225. encrypted bitstream 357 and provide the resulting decrypted 

In reference to FIG. 1, a vendor might sell the general- 20 bitstream to an input terminal of configuration logic 305. 

purpose chip set 100 with some proprietary configuration Finally, configuration logic 305 configures array 315 using 

data stored in ROM 110. In accordance with the invention, the decrypted bitstream to instantiate functional circuitry 

the proprietary data can be encrypted and FPGA 100 modi- 350 (step 440), resulting in a functional FPGA. 

fied to include non-volatile memory 212 programmed with FPGA 300 includes one example of circuitry designed to 

a secret decryption key. The encrypted configuration data 25 deny decryption-key access to unauthenticated circuits, 

would only work with those FPGAs programmed to include Hash-function logic 320 stores the hash result from decryp- 

the correct key. Thieves will therefore find it very difficult to tor bitstream 352 in hash register 322. XOR gate 325 then 

copy the configuration data. compares the hash result in hash register 322 with the secret 

FIG. 3 shows an FPGA 300 that includes configuration 3Q hash key 342. If the hash result and hash key match, then 

logic 305, random-access memory (RAM) 310, and an array XOR gate 325 outputs a logic zero to a first input terminal 

315 of configurable logic. In accordance with the invention, of XOR gate 330. If, on the other hand, the hash result in 

FPGA 300 additionally includes hard-wired hash-function hash register 322 and hash key 342 do not match; then XOR 

logic 320, a hash register 322, a pair of XOR gates 325 and gate 325 outputs a logic one to the first input terminal of 

330, and non-volatile memory (NVM) 335. NVM 335, in 35 XOR gate 330. 

turn, includes memory locations 340, 342, and 345 for Decryption key 345 connects to the second input terminal 

storing respective encryption, hash-function, and decryption of XOR gate 330. XOR gate 330 outputs decryption key 345 

keys. NVM 335 may be, for example, conventional flash, when the input terminal from XOR gate 325 is a logic zero, 

antifuse, or mask programmed memory. Also in accordance and outputs an inverted version of decryption key 345 when 

with the invention, array 315 includes a decryptor 350 4Q the input terminal from XOR gate 325 is a logic one. As 

derived from a decryptor bitstream 352 and some propri- discussed above, XOR gate 325 provides a logic zero to 

etary functional circuitry 355 derived from an encrypted XOR gate 330 only when the hash result in hash register 322 

bitstream 357. In one embodiment, FPGA 300 is one of the matches hash key 342. Thus, XOR gate 330 will only 

Virtex™ family of FPGAs available from Xilinx, Inc. present the correct decryption key if the hash function of 

FIG. 4 is a flowchart 400 depicting the process of pro- 45 decryptor bitstream 352 matches hash key 342. 

gramming FPGA 300 of FIG. 3 to include decryptor 350 and For illustrative purposes, XOR gates 325 and 330 are each 

functional circuitry 355, This process is performed auto- shown to include two input terminals and one output termi- 

matically each time FPGA 300 is powered on or reset, nal. However, XOR gates 325 and 330 typically include a 

Beginning with step 405, decryptor bitstream 352 is pre- number of input terminal pairs and an equal number of 

sen ted to a designated I/O pin of FPGA 300. Configuration 50 output terminals. In one embodiment, for example, each of 

logic 305 uses decryptor bitstream 352 to instantiate decryp- XOR gates 325 and 330 includes 64 pairs of input terminals 

tor 350 into array 315. Decryptor bitstream 352 is sent "in and 64 output terminals. In that embodiment, XOR gate 330 

the clear," meaning that it is not encrypted. Transmitting compares a 64-bit hash result in hash register 322 with a 

decryptor bitstream 352 in the clear is not considered a 64-bit hash key 342. If any bit does not match, then the 

breach of security because cryptographers assume that 55 corresponding output bit from XOR gate 325 will be a logic 

everyone knows the encryption algorithm. The security lies one. Consequently, the signal on the corresponding output 

in the secrecy of decryption key 345. terminal from XOR gate 330 will be logically opposite the 

A clever thief might engineer an FPGA design that, when appropriate decryption key bit, and the circuit instantiated 

instantiated into array 315, simply reads decryption key 345 by the bitstream that produced the incorrect hash result will 

and presents the key on an output pin. To forestall such a 60 not have access to the correct decryption key. 

security breach, FPGA 300 authenticates decryptor 350 by While the output terminal of hash key 342 and hash 

performing a hash function on decryptor bitstream 352 while register 322 represent the same number of bits as decryption 

configuration logic 305 instantiates decryptor 350 (step key 345, this need not be the case. In one embodiment, for 

410). The result of the hash function, the "hash result/' is example, the parallel output terminals of XOR gate 325 are 

stored in hash register 322 and compared to the proprietary 65 ORed and the result is presented to one half the inputs to 

hash key 342 (step 415). Only those bitstreams that produce XOR gate 330. Thus configured, if any bit of hash key 342 

the desired hash result will provide access to decryption key does not match the output terminal of hash register 322, then 
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one half of inputs to XOR gate 330 will be logic ones. XOR 
gate 330 will therefore invert decryption key 345. 
Alternatively, the output terminals of the added OR gate 
could be fed to the inputs of a second OR gate substituted for 
XOR gate 330. In that case, a mismatch between hash key 5 
342 and hash register 322 will cause all logic ones to be 
presented to decryptor 350 in lieu of the correct decryption 
key (presumably, decryption key 345 is not selected to be all 
ones). 

FPGA300 includes block RAM 310. Some embodiments 10 
of the invention take advantage of block RAM 310 by 
storing some decrypted configuration data in block RAM 
310. Then, once decryptor 350 is no longer needed, the 
configuration data in block RAM 310 is used to configure 
the portion of array 315 in which decryptor 350 resided. This 
process allows for more efficient use of array 315. 
Alternatively, the portion of array 315 in which decryptor 
350 resides can be programmed in the clear after decryptor 
350 decrypts functional circuitry 355. 

A DES algorithm is used, in one embodiment, to encrypt 2Q 
the bitstream used to instantiate functional circuitry 225 
(FIG, 2) and functional circuitry 355 (FIG. 3). Decryptors 
215 and 350 of FIGS. 2 and 3 perform the inverse of the 
same DES function to decrypt encrypted bitstreams. The 
DES algorithm is well known to those of skill in cryptog- 25 
raphy. 

FIG. 5 is a flowchart 500 summarizing the Data Encryp- 
tion Standard (DES) encryption algorithm. For a detailed 
treatment of DES, used both for encryption and decryption, 
see "Applied Cryptography, Second Edition: Protocols, 30 
Algorithms, and Source Code in C," by Bruce Schneier 
(1996). Pages 265-285 of Schneier relate specifically to 
DES, and are incorporated herein by reference. A Xilinx 
application note entitled "DES Encryption and Decryption 
on the XC6216," by Ann Duncan (Feb. 2, 1998), describes 35 
the design and implementation of DES encryption/ 
decryption on an XC6216™ FPGA available from Xilinx, 
Inc. That application note is also incorporated herein by 
reference. 

FIG. 6 A is a block diagram 600 representing the hash 4Q 
function performed by hash-function logic 320 of FIG. 3. 
For simplicity, the bitstream in the illustrated example 
consists of three 64-bit data blocks B 1? B 2 , and B 3 ; the hash 
function can be extended to any number and size of data 
blocks. In one embodiment, hash-function logic 320 uses a 45 
cipher-block chaining method outlined in the above -cited 
Schneier reference on e.g. pages 193-197. Those pages are 
incorporated herein by reference. 

The first data block Bj is encrypted using a conventional 
encryption algorithm E 0 , in one embodiment the DES 50 
algorithm described above in connection with FIG. 5. This 
encryption employs a secret encryption key U G" (encryption 
key 340 of FIG. 3, for example) to encrypt the first data 
block B r The resulting encrypted 64-bit block E^Bj) is 
then XORed with the second data block B 2 , the XOR 55 
function being represented by a conventional XOR symbol 
610. The resulting 64-bit value, {E C (B 1 )}©B 2 is then 
XORed with the next, data block B 3 and the result is 
subjected to the encryption algorithm E a to produce the hash 
value. This process, conventionally known as cipher block 60 
chaining, produces a 64-bit hash value 615 that depends 
upon all of data blocks Bj_ 3 . 

FIG. 6B is a flowchart 650 illustrating a method of 
performing the hash function of FIG. 6A on a decryptor 
bitstream made up of an arbitrary number of 64-bit data 65 
blocks. This method is implemented by hash-function logic 
320 of FIG, 3 in one embodiment of the invention. 



In step 655, hash-function logic 320 encrypts the first 
64-bit data block of an incoming decryptor bitstream and 
stores the resulting encrypted data in hash register 322 (i.e., 
R 322)- Then, for each additional block hash-function 
logic 320: 

1. performs a 64-bit exclusive OR (XOR) of the contents 
of register 322 and the additional block B N ; 

2. encrypts the contents of hash register 322 using encryp- 
tion key G; and 

3. stores the result, Et^R^^Bjy), back in hash register 
322. 

The foregoing procedures are represented in FIG. 6B as the 
"For" loop that includes steps 660, 665, and 670. 

When no more data blocks are available (e.g., when 
hash-function logic 320 reaches the end of the decryptor 
bitstream 352), hash register 322 contains the hash value of 
decryptor bitstream 352, As discussed above in connection 
with FIG. 3, XOR gate 325 compares hash value in hash 
register 322 with hash key 342 to ensure that decryptor 
bitstream 352 represents an authorized decryptor. If not, then 
XOR gate 330 presents the wrong decryption key to instan- 
tiated decryptor 350. 

Some PLDs are designed to respond to a "readback" 
command by outputting a bitstream (the readback data) that 
includes the configuration data of the PLD. The readback 
command is disabled on devices implementing the present 
invention to prevent a thief from simply reading back the 
decrypted configuration data. Alternatively, an encryptor 
could be instantiated on a PLD to re-encrypt configuration 
data readout of the PLD. For more information relating to 
readback operations on Xilinx XC4000'™ series FPGAs, see 
Xilinx, Inc., "The Programmable Logic Data Book" (1998), 
pp. 4-56 to 4-59, and Wolfgang Hoflich, "Using the 
XC4000™ Readback capability," XAPP 015.000, pp. 8-37 
to 8-44 (1993). Both of these documents are available from 
Xilinx, Inc., of San Jose, Calif., and are incorporated herein 
by reference. 

Various nodes within FPGA 300 must be protected from 
observation to avoid compromising security. These nodes 
include the output terminals of proprietary keys 340, 342, 
and 345 of NVM 335 and the output terminal of decryptor 
350. Care should therefore be taken to ensure that such 
nodes are not and cannot be configured to be accessed via 
any input/output pins of FPGA 300, 

Some configuration information is easily observed once 
the FPGA is operational. For example, one can measure the 
voltage on an input/output block of an FPGA to determine 
whether that input/output block is configured to include a 
pull-up resistor. If this observable data is a result of some 
decryption, skilled crypto lo gists can make use of this data to 
leam something about the decryption process, and possibly 
to breach security. It may be desired, therefore, to identify 
those bits of configuration data that can be easily observed 
once the FPGA is configured and to transmit those data in 
the clear. Of course, the encryptor and decryptor must both 
understand which data is to be transmitted in the clear and 
which is to be encrypted. 

Hash-function logic 320 and decryptors 215 and 350 are 
not limited to the DES algorithm; other types of 
algorithms — many of which are well known — can also be 
used. For example, a public -key algorithm such as RSA 
(named for its creators X-480 Rivest, Shamir, and Adleman) 
can be used for both encryption and decryption. FPGA 
vendors could then program a private key into non-volatile 
memory on the FPGA and core developers could use a 
corresponding public key to encrypt their designs. 
Moreover, several decryption keys can be stored in each 
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FPGA so that a different key can be used in the event that 
one of the keys is stolen. 

Configuring an FPGA to include a decryptor, as opposed 
to fabricating the FPGA with a hard-wired decryptor, saves 
valuable die area and allows users to select appropriate 
encryption/decryption schemes. For example, some desir- 
able algorithms are not approved for export. A user may 
therefore select an approved decryptor for export and select 
another algorithm for local sale. Alternatively, a distributer 
of FPGAs can simply sell standard FPGAs and allow 
purchasers to select the appropriate legal decryption scheme 
that provides a desired level of security. 

While the present invention has been described in con- 
nection with specific embodiments, variations of these 
embodiments will be obvious to those of ordinary skill in the 
art. For example, 

1. some FPGAs might be programmed with additional 
keys to support multiple decryptors or hash functions; 

2. the decryptor and encrypted bitstreams can be com- 
bined into a single bitstream; 

3. decryption and hash keys could be implemented using 
digital logic integrated with other PLD circuits to make 
the key values more difficult to discover by reverse 
engineering (e.g., a decryption key could be nodes of a 
logic circuit integrated into the decryptor). 

Moreover, some components are shown directly connected 
to one another while others are shown connected via inter- 
mediate components. In each instance the method of inter- 
connection establishes some desired electrical communica- 
tion between two or more circuit nodes, or terminals. Such 
communication may often be accomplished using a number 
of circuit configurations, as will be understood by those of 
skill in the art. Therefore, the spirit and scope of the 
appended claims should not be limited to the foregoing 
description. 

What is claimed is: 

1. A programmable logic device comprising: 

a. an input pin adapted to receive encrypted configuration 
data; 

b. a non-volatile memory element adapted to store a 
decryption key; 

c. a decryptor having a first input terminal adapted to 
receive the encrypted configuration data, a second input 
terminal adapted to access the decryption key, and an 
output terminal, wherein the decryptor is adapted to 
decrypt the encrypted configuration data and to provide 
resulting decrypted configuration data on the output 
terminal; 

d. an array of configurable logic programmed to imple- 
ment the decryptor, wherein at least a portion of the 
decryptor is instantiated in the array of configurable 
logic; and 

e. configuration logic having an input terminal connected 
to the decryptor output terminal and an output terminal 
connected to the array, the configuration logic being 
adapted to receive the decrypted configuration data and 
to configure the array as directed by the decrypted 
configuration data. 

2. The programmable logic device of claim 1, further 
comprising hash-function logic adapted to authenticate the 
portion of the decryptor. 

3. The programmable logic device of claim 2, further 
comprising a second non-volatile memory element con- 
nected to the hash-function logic, the second non-volatile 
memory element adapted to store a hash key. 

4. The programmable logic device of claim 2, further 
comprising a second non-volatile memory element con- 
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nected to the hash- function logic, the second non-volatile 
memory element adapted to store an encryption key. 

5. A programmable logic device comprising: 

a. non-volatile memory adapted to include a secret key; 

b. an array of programmable logic configured to include 
a decryptor, the decryptor including: 

i. a first input terminal adapted to receive encrypted 
configuration data; 

ii. a second input terminal connected to the non-volatile 
memory and adapted to receive the secret key; 

iii. decryption circuitry providing a decrypted version 
of the encrypted configuration data based on the 
secret key; and 

iv. an output terminal adapted to provide e the 
decrypted version of the encrypted configuration 
data; and 

c. configuration logic having a configuration logic input 
terminal adapted to receive the decrypted version of the 
encrypted configuration data, 

6. The programmable logic device of claim 5, further 
comprising a plurality of pins adapted to provide electrical 
access to and from the programmable logic device from 
circuits external to the programmable logic device, wherein 
the output terminal of the decryptor is not connected to any 
one of the pins. 

7. A method of configuring a programmable logic device 
to perform a desired logic function, the method comprising: 

configuring configurable logic of the programmable logic 
device to include a decryptor; 

sending encrypted configuration data to the decryptor, 

decrypting the encrypted configuration data to produce 
decrypted configuration data representing the desired 
logic function; and 

configuring the programmable logic device to perform the 
desired logic function using the decrypted configura- 
tion data. 

8. The method of claim 7, further comprising removing 
the decryptor after decrypting the encrypted configuration 
data. 

9. The method of claim 7, wherein configuring the pro- 
grammable logic device to include a decryptor comprises 
providing a bitstream representing the decryptor to the 
programmable logic device. 

10. The method of claim 9, wherein configuring the 
programmable logic device to include a decryptor further 
comprises performing a hash function on the bitstream 
representing the decryptor to authenticate the decryptor. 

11. The method of claim 10, wherein performing the hash 
function produces a hash result, the method further com- 
prising comparing the hash result with a hash key to authen- 
ticate the decryptor. 

12. The method of claim 11, further comprising providing 
the decryptor access to a decryption key only if the hash 
result matches the hash key. 

13. A system comprising: 

a programmable logic device having an input terminal; 
and 

a memory having an output terminal connected to the 
input terminal of the programmable logic device, the 
memory programmed to include: 
decryptor data adapted to instantiate a decryptor in 
configurable logic of the programmable logic device; 
and 

encrypted configuration data adapted to instantiate a 
desired logic function in the programmable logic 
device. 
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14. A system for protecting configuration data adapted to 
instantiate a desired logic function in a programmable logic 
device, the system comprising: 

means for encrypting the configuration data; 
means for configuring configurable logic of the program- 
mable logic device to include a decryptor; 
means for sending the encrypted configuration data to the 
decryptor to produce decrypted configuration data; and 
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means for instantiating the desired logic function using 
the decrypted configuration data. 

15. The system of claim 14, further comprising means for 
removing the decryptor after configuring the programmable 

5 logic device to perform the desired function. 

16. The system of claim 14, further comprising means for 
authenticating the decryptor. 

* * * * * 
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